General
-
Target
f80950b2bae48f894e98e2ab8dc3d5af7682f35fb76421eebbf036e911aa0f6a.exe
-
Size
2.0MB
-
Sample
241103-etmf6svekl
-
MD5
0d31d81c411d2a5506e307781667e4d8
-
SHA1
48a0f2a82b4cde36cc3c14a58796ac14012e8a4c
-
SHA256
f80950b2bae48f894e98e2ab8dc3d5af7682f35fb76421eebbf036e911aa0f6a
-
SHA512
6204705f9c70ca1bcc6425132019af7f063f33eed131a342420f5e426d4ea5dd99b58cff2db926952db19788843493ca4ff74221eab6147eeb3a31eead9fac6f
-
SSDEEP
49152:JxBbw7+iyTS93LyeBowsVLs0bYmg7fRyfQMtfH:JxIU63ueSwoLs0bSyQO
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
f80950b2bae48f894e98e2ab8dc3d5af7682f35fb76421eebbf036e911aa0f6a.exe
-
Size
2.0MB
-
MD5
0d31d81c411d2a5506e307781667e4d8
-
SHA1
48a0f2a82b4cde36cc3c14a58796ac14012e8a4c
-
SHA256
f80950b2bae48f894e98e2ab8dc3d5af7682f35fb76421eebbf036e911aa0f6a
-
SHA512
6204705f9c70ca1bcc6425132019af7f063f33eed131a342420f5e426d4ea5dd99b58cff2db926952db19788843493ca4ff74221eab6147eeb3a31eead9fac6f
-
SSDEEP
49152:JxBbw7+iyTS93LyeBowsVLs0bYmg7fRyfQMtfH:JxIU63ueSwoLs0bSyQO
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-